14 DAY TRIAL // LG Australia representatives found out that their "security is 0%" after their website was hijacked and defaced by a “Website Security Exploit Team”.
According to The Sidney Morning Herald, a hacker team called Intra seems to be responsible for the hit which revealed the weak security measures implemented by the website's administrators.
Because only lge.com.au was taken down, until the problem is fixed, all the traffic was redirected to lg.com.au which wasn't affected in any way by the hacking operation.
"It seems as though your website has been hacked. How did we get past your security? ... What security? ;)," read a note on the defaced page.
Security experts believe that the operation was possible after the attackers managed to compromise the webserver that was hosting the site.
"It looks like the attacker has compromised the web server itself as the website home page has been replaced completely," said Ty Miller, CTO with security firm Pure Hacking
"Usually if the web application itself was compromised via Stored Cross Site Scripting or SQL Injection then you would still see the original home page HTML code containing the malicious code."
In these cases, even though it seems that only the index page is affected, once the webserver is overtaken, you can never know what other sensitive information might have ended up in the hands of the cybercriminals.
Team Intra are known for publishing passwords and other data as a result of a hit but maybe in this case, that information was stored in another place as a security measure.
Not long ago they took over the webpage belonging to UMH University via an SQL injection.
“Fix this, before someone more malicious comes along and decides to delete all your publications. You are meant to be researchers of computer science, yet some of you can't even make a unique password?," they wrote at the time.